Cannot Log Out Portal Users On The Radius Server; Users Logged Out By The Access Device Still Exist On The Portal Authentication Server; Re-Dhcp Portal Authenticated Users Cannot Log In Successfully - HP MSR Series Configuration Manual

Cannot log out portal users on the RADIUS server

Symptom
The access device uses the HPE IMC server as the RADIUS server to perform identity
authentication for portal users. You cannot log out the portal users on the RADIUS server.
Analysis
The HPE IMC server uses session control packets to send disconnection requests to the access
device. On the access device, the listening UDP port for session control packets is disabled by
default. Therefore, the access device cannot receive the portal user logout requests from the
RADIUS server.
Solution
On the access device, execute the radius session-control enable command in system view to
enable the RADIUS session control function.
Users logged out by the access device still exist on the portal
authentication server
Symptom
After you log out a portal user on the access device, the user still exists on the portal authentication
server.
Analysis
When you execute the portal delete-user command on the access device to log out a user, the
access device sends an unsolicited logout notification to the portal authentication server. If the
BAS-IP or BAS-IPv6 address carried in the logout notification is different from the portal device IP
address specified on the portal authentication server, the portal authentication server discards the
logout notification. When sending of the logout notifications times out, the access device logs out the
user. However, the portal authentication server does not receive the logout notification successfully,
and therefore it regards the user is still online.
Solution
Configure the BAS-IP or BAS-IPv6 attribute on the interface enabled with portal authentication.
Make sure the attribute value is the same as the portal device IP address specified on the portal
authentication server.
Re-DHCP portal authenticated users cannot log in
successfully
Symptom
The device performs re-DHCP portal authentication for users. A user enters the correct username
and password, and the client successfully obtains the private and public IP addresses. However, the
authentication result for the user is failure.
Analysis
When the access device detects that the client IP address is changed, it sends an unsolicited portal
packet to notify of the IP change to the portal authentication server. The portal authentication server
notifies of the authentication success only after it receives the IP change notification from both the
access device and the client.
If the BAS-IP or BAS-IPv6 address carried in the portal notification packet is different from the portal
device IP address specified on the portal authentication server, the portal authentication server
200